ISO 27001:2013 ISMS

ISMS 27001:2013 Awareness Training

Introduction

This ISO 27001 Information Security Awareness foundation training course is useful as an introduction for anyone involved in the development, implementation and management of an ISO 27001:2013 Information Security Management System (ISMS).

The aim of this course is to provide participants with an overview of the purpose and requirements of ISO 27001:2013 as a tool for business improvement.

Learning Objective

The Information Security Management Systems, or ISMS, standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

This one-day course begins with an understanding of the concept of Information Security Management, the requirements of the ISO/IEC 27001:2013 certification standard, and its relation to the ISO 27000 series of standards for information security management.

Learning Outcome

By the end of this course, participants will be able to:

Explain the purpose and intent of the ISO 27001

Describe the requirements of the ISO 27001

Understand the key Information Security issues that need to be addressed by a business

Provide an ISMS implementation strategy for Senior Management

Deliver an outline of an Information Security Management System

Once ISO 27001 Information Security Awareness is completed, participants will be able to register for an ISO 27001 Internal Auditor training course.

On completion, successful students will have the knowledge and skills to:

Knowledge

Explain the purpose and business benefits of an information security management system, of information security management systems standards, of management system audit, and of third-party certification

Explain the role of an auditor to plan, conduct, report and follow up an information security management system audit in accordance with ISO 19011

Skills

Plan, conduct, report and follow up an audit of an information security management system to establish conformity (or otherwise) with ISO 27001 (with ISO/IEC 27002) and in accordance with ISO 19011 and ISO/IEC 17021.

Training Methodology

Lectures

Group Work

Case Studies

Discussions

Course Period

2 consecutive days

Exam

There will be a 1-hour exam on the last day of the training

Educational approach

This training is based on both theory and practice:

Sessions of lectures illustrated with examples based on real cases

Review exercises to assist the exam preparation

Practice test similar to the certification exam

To benefit from the practical exercises, the number of training participants is limited

Certificate of Achievement

EuroStar Certification Services will issue a certificate of achievement to successful participants based on performance during the course.

ISMS 27001:2013 Lead Auditor

Why should you attend?

To attend this course, you should already have knowledge of the key Plan-Do-Check-Act (PDCA) cycle within management systems. You should also have knowledge of Information Security Management principles, concepts and specifically the requirements of ISO/IEC 27001:2013.

Our experienced tutors will teach you how to lead, plan, execute and report on an audit of an ISMS in an organization assessing its conformance with ISO/IEC 27001:2013.

Tutors on our Lead Auditor courses will expand on your existing knowledge of the standard and develop your skills and ability to lead a team to conduct audits of ISMS to the standard.

Through a combination of tutorials, syndicate exercises and role play, you will learn everything you need to know about how an ISMS audit should be run, including conducting second- and third-party audits.

Who should attend?

This course is intended for those who will be involved in leading audits of an ISMS that conforms to ISO/IEC 27001:2013 in any organization.

Suggested job roles and their teams include:

Information security managers

IT and corporate security managers

Corporate governance managers

Risk and compliance managers

Information security consultants

Learning Objective

What are the purpose and business benefits of an ISMS, ISMS standards, ISMS audits and third-party certification

What are the role and skills required of an auditor when planning, conducting, reporting and following up on an ISMS audit in accordance with ISO/IEC 27001:2013; ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls; ISO 19011:2011, Guidelines for auditing management systems; and, where applicable, ISO 17021:2011, Conformity assessment – Requirements for bodies providing audit and certification of management systems

Your company will have an internal resource and process to be able to conduct its own audit of its ISMS to assess and improve conformance with ISO/IEC 27001:2013

You will gain a professional qualification that certifies that you have the knowledge and skills to be able to lead a team to conduct an audit of an ISMS in any organization that satisfies IRCA guidelines

Successful auditing will improve the protection of any organization’s private data to meet market assurance and corporate governance needs

Examination and Certification

The “Certified ISMS 27001 Lead Auditor” exam fully meets the requirements of the Examination and Certification Programme (ECP). The exam covers the following competency domains:

Domain 1: Fundamental principles and concepts of an Information Security Management System (ISMS)